<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>CentOS7.2 系统服务器中挖矿病毒查杀 | Joey</title><meta name="keywords" content="Linux,CentOS,zigw"><meta name="author" content="方陈勇"><meta name="copyright" content="方陈勇"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="CentOS7.2 系统服务器中挖矿病毒查杀">
<meta property="og:type" content="article">
<meta property="og:title" content="CentOS7.2 系统服务器中挖矿病毒查杀">
<meta property="og:url" content="http://fangchenyong.top/2019/07/23/Linux-zigw%E7%97%85%E6%AF%92%E6%9F%A5%E6%9D%80/index.html">
<meta property="og:site_name" content="Joey">
<meta property="og:description" content="CentOS7.2 系统服务器中挖矿病毒查杀">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/BEF238F4E59CF4D91A694FE9C5DBC030.JPG">
<meta property="article:published_time" content="2019-07-22T16:00:00.000Z">
<meta property="article:modified_time" content="2020-05-22T10:04:36.816Z">
<meta property="article:author" content="方陈勇">
<meta property="article:tag" content="Linux">
<meta property="article:tag" content="CentOS">
<meta property="article:tag" content="zigw">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/BEF238F4E59CF4D91A694FE9C5DBC030.JPG"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://fangchenyong.top/2019/07/23/Linux-zigw%E7%97%85%E6%AF%92%E6%9F%A5%E6%9D%80/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><meta name="generator" content="Hexo 5.4.0"></head><body><div class="post" id="body-wrap"><header class="post-bg" id="page-header" style="background-image: url('https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/20190723151525.png')"><div id="post-info"><h1 class="post-title">CentOS7.2 系统服务器中挖矿病毒查杀</h1><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><i class="far fa-calendar-alt fa-fw post-meta-icon"></i><span class="post-meta-label">发表于</span><time class="post-meta-date-created" datetime="2019-07-22T16:00:00.000Z" title="发表于 
2019-07-23 00:00:00">2019-07-23</time><span class="post-meta-separator">|</span><i class="fas fa-history fa-fw post-meta-icon"></i><span class="post-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2020-05-22T10:04:36.816Z" title="更新于 2020-05-22 18:04:36">2020-05-22</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/Linux/">Linux</a><i class="fas fa-angle-right post-meta-separator"></i><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/Linux/CentOS/">CentOS</a><i class="fas fa-angle-right post-meta-separator"></i><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/Linux/CentOS/zigw/">zigw</a></span></div><div class="meta-secondline"><span class="post-meta-separator">|</span><span class="post-meta-wordcount"><i class="far fa-file-word fa-fw post-meta-icon"></i><span class="post-meta-label">字数总计:</span><span class="word-count">1.8k</span><span class="post-meta-separator">|</span><i class="far fa-clock fa-fw post-meta-icon"></i><span class="post-meta-label">阅读时长:</span><span>5分钟</span></span></div></div></div></header><main class="layout" id="content-inner"><div id="post"><article class="post-content" id="article-container"><h2 id="CentOS7-2-系统服务器中挖矿病毒查杀"><a href="#CentOS7-2-系统服务器中挖矿病毒查杀" class="headerlink" title="CentOS7.2 系统服务器中挖矿病毒查杀"></a>CentOS7.2 系统服务器中挖矿病毒查杀</h2><p>本文参考链接如下：</p>
<ul>
<li><a target="_blank" rel="noopener" href="https://blog.csdn.net/sayWhat_sayHello/article/details/83988443">zigw挖矿病毒查杀</a></li>
<li><a target="_blank" rel="noopener" href="https://mp.weixin.qq.com/s/FhcoPGXG_udkRCj3AFOmxA">如何排查常见挖矿木马</a></li>
</ul>
<h4 id="1-服务卡顿，执行top-c命令"><a href="#1-服务卡顿，执行top-c命令" class="headerlink" title="1. 服务卡顿，执行top c命令"></a>1. 服务卡顿，执行top c命令</h4><figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">[root@VM_0_5_centos ~]# top c</span><br></pre></td></tr></table></figure>

<p><img src="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%97%85%E6%AF%92.png" alt="服务器病毒"></p>
<blockquote>
<p><strong>关于top命令</strong>（<a target="_blank" rel="noopener" href="https://blog.csdn.net/wxh2013/article/details/50995501">参考</a>）</p>
<p>1.作用<br>top命令用来显示执行中的程序进程，使用权限是所有用户。</p>
<p>2.格式<br>top [－] [d delay] [q] [c] [S] [s] [i] [n]</p>
<p>3.主要参数<br>d：指定更新的间隔，以秒计算。<br>q：没有任何延迟的更新。如果使用者有超级用户，则top命令将会以最高的优先序执行。<br>c：显示进程完整的路径与名称。<br>S：累积模式，会将己完成或消失的子行程的CPU时间累积起来。<br>s：安全模式。<br>i：不显示任何闲置(Idle)或无用(Zombie)的行程。<br>n：显示更新的次数，完成后将会退出top。</p>
<p>4.每行信息详解</p>
<ul>
<li><p>第一行表示的项目依次为当前时间、系统运行时间、当前系统登录用户数目、1/5/10分钟系统平均负载(一般来说，这个负载值应该不太可能超过 1 才对，除非您的系统很忙碌。 如果持续高于 5 的话，那么…..仔细的看看到底是那个程序在影响整体系统吧！)。</p>
</li>
<li><p>第二行显示的是所有启动的进程、目前运行、挂起 (Sleeping)的和无用(Zombie)的进程。(比较需要注意的是最后的 zombie 那个数值，如果不是 0 ，嘿嘿！好好看看到底是哪个 process 变成僵尸了吧？！)(stop模式：与sleep进程应区别，sleep会主动放弃cpu，而stop是被动放弃cpu ，例单步跟踪，stop（暂停）的进程是无法自己回到运行状态的)</p>
</li>
<li><p>第三行显示的是目前CPU的使用情况，包括us用户空间占用CPU百分比、sy 内核空间占用CPU百分比、ni 用户进程空间内改变过优先级的进程占用CPU百分比(中断处理占用)、id 空闲CPU百分比、wa 等待输入输出的CPU时间百分比、hi,si,st 三者的意思目前还不清楚</p>
</li>
<li><p>第四行显示物理内存的使用情况，包括总的可以使用的内存、已用内存、空闲内存、缓冲区占用的内存。</p>
</li>
<li><p>第五行显示交换分区使用情况，包括总的交换分区、使用的、空闲的和用于高速缓存的大小。</p>
</li>
<li><p>第六行显示的项目最多，下面列出了详细解释。<br>PID（Process ID）：进程标示号 ( 每个 process 的 ID )<br>USER：进程所有者的用户名 ( 该 process 所属的使用者 )<br>PR：进程的优先级别 ( Priority 的简写，程序的优先执行顺序，越小越早被执行 )<br>NI：进程的优先级别数值 ( Nice 的简写，与 Priority 有关，也是越小越早被执行 )<br>VIRT：进程占用的虚拟内存值。<br>RES：进程占用的物理内存值。<br>SHR：进程使用的共享内存值。<br>S：进程的状态，其中S表示休眠，R表示正在运行，Z表示僵死状态，N表示该进程优先值是负数。<br>%CPU：该进程占用的CPU使用率。<br>%MEM：该进程占用的物理内存和总内存的百分比。<br>TIME＋：该进程启动后占用的总的CPU时间 ( CPU 使用时间的累加 )<br>Command：进程启动的启动命令名称，如果这一行显示不下，进程会有一个完整的命令行。</p>
</li>
</ul>
<p>top命令使用过程中，还可以使用一些交互的命令来完成其它参数的功能。这些命令是通过快捷键启动的。<br>＜空格＞：立刻刷新。<br>P：根据CPU使用大小进行排序。<br>T：根据时间、累计时间排序。<br>q：退出top命令。<br>m：切换显示内存信息。<br>t：切换显示进程和CPU状态信息。<br>c：切换显示命令名称和完整命令行。<br>M：根据使用内存大小进行排序。<br>W：将当前设置写入~/.toprc文件中。这是写top配置文件的推荐方法。</p>
</blockquote>
<h4 id="2-查看系统运行情况，记录PID"><a href="#2-查看系统运行情况，记录PID" class="headerlink" title="2.查看系统运行情况，记录PID"></a>2.查看系统运行情况，记录PID</h4><blockquote>
<p>可以看到./zigw正在运行占用了系统98%的CPU从而导致系统卡顿</p>
<p>记录运行的PID 3692</p>
</blockquote>
<h4 id="3-查看定时任务"><a href="#3-查看定时任务" class="headerlink" title="3. 查看定时任务"></a>3. 查看定时任务</h4><blockquote>
<p>进入/var/spool/cron 目录以及/etc/cron.daily/、/etc/cron.hourly/、/etc/cron.monthly……等目录，查看其中是否存在可疑的定时任务文件</p>
</blockquote>
<p><img src="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/%E7%97%85%E6%AF%92%E6%9F%A5%E6%89%BE.png" alt="病毒查找"></p>
<h4 id="4-删除定时任务文件"><a href="#4-删除定时任务文件" class="headerlink" title="4. 删除定时任务文件"></a>4. 删除定时任务文件</h4><blockquote>
<p>执行rm -rf 删除定时任务目录下的root以及dump.rdb文件（第一次执行未成功，后来使用xftp连接后直接删除成功）</p>
<p>执行过程可能会报没有权限删除，查看是否是因为chattr命令锁定了</p>
<p>先使用lsattr命令查看文件属性，如果文件被加了锁定属性（常见的是 i 或 a），使用chattr命令去除该属性后再删除</p>
<p>chattr命令的用法：chattr [ -RVf ] [ -v version ] [ mode ] files…</p>
<p>例：chattr -i root </p>
<p><strong>参数说明</strong></p>
<blockquote>
<p>+：在原有参数设定基础上，追加参数。</p>
<p>-：在原有参数设定基础上，移除参数。<br>= ：更新为指定参数设定。<br>A：文件或目录的 atime (access time)不可被修改(modified), 可以有效预防例如手提电脑磁盘I/O错误的发生。<br>S：硬盘I/O同步选项，功能类似sync。<br>a：即append，设定该参数后，只能向文件中添加数据，而不能删除，多用于服务器日志文件安全，只有root才能设定这个属性。<br>c：即compresse，设定文件是否经压缩后再存储。读取时需要经过自动解压操作。<br>d：即no dump，设定文件不能成为dump程序的备份目标。<br>i：设定文件不能被删除、改名、设定链接关系，同时不能写入或新增内容。i参数对于文件 系统的安全设置有很大帮助。<br>j：即journal，设定此参数使得当通过mount参数：data=ordered 或者 data=writeback 挂 载的文件系统，文件在写入时会先被记录(在journal中)。如果filesystem被设定参数为 data=journal，则该参数自动失效。<br>s：保密性地删除文件或目录，即硬盘空间被全部收回。<br>u：与s相反，当设定为u时，数据内容其实还存在磁盘中，可以用于undeletion。<br>各参数选项中常用到的是a和i。a选项强制只可添加不可删除，多用于日志系统的安全设定。而i是更为严格的安全设定，只有superuser (root) 或具有CAP_LINUX_IMMUTABLE处理能力（标识）的进程能够施加该选项。</p>
<p>…….</p>
</blockquote>
</blockquote>
<h4 id="5-进入-proc目录，查看指定端口信息"><a href="#5-进入-proc目录，查看指定端口信息" class="headerlink" title="5. 进入/proc目录，查看指定端口信息"></a>5. 进入/proc目录，查看指定端口信息</h4><p><img src="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/%E7%97%85%E6%AF%92%E6%9F%A5%E6%89%BE2.png" alt="病毒查找2"></p>
<blockquote>
<p>进入/proc下以病毒进程PID（3692）命名的目录，可以看到有一条链接指向/etc/zigw，即病毒程序文件所在的位置</p>
</blockquote>
<h4 id="6-进入etc目录"><a href="#6-进入etc目录" class="headerlink" title="6. 进入etc目录"></a>6. 进入etc目录</h4><blockquote>
<p>先杀进程 </p>
<figure class="highlight shell"><table><tr><td class="code"><pre><span class="line">[root@VM_0_5_centos 3692]# kill -9 3692</span><br></pre></td></tr></table></figure>

<p>再用chattr去除zigw等病毒文件的锁定属性（例如 chattr -i），然后进行删除。</p>
</blockquote>
<h4 id="7-删除ssh-keys"><a href="#7-删除ssh-keys" class="headerlink" title="7. 删除ssh-keys"></a>7. 删除ssh-keys</h4><blockquote>
<p>进入/root/.ssh目录，删除authorized_keys。攻击者通常会把自己的公钥写入该文件以便之后免密登录；如果文件中还有自己正常使用的公钥，只删除不认识的条目即可。</p>
<p><img src="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/ssh%E5%88%A0%E9%99%A4.png" alt="ssh删除"></p>
</blockquote>
<h4 id="8-再执行top-c查看"><a href="#8-再执行top-c查看" class="headerlink" title="8. 再执行top c查看"></a>8. 再执行top c查看</h4><p><img src="https://fangchenyong.oss-cn-hangzhou.aliyuncs.com/img/%E7%97%85%E6%AF%92%E5%A4%8D%E5%8F%91.png" alt="病毒复发"></p>
<h4 id="9-重新执行"><a href="#9-重新执行" class="headerlink" title="9. 重新执行"></a>9. 重新执行</h4><blockquote>
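<p>重新删除root以及dump.rdb文件，查看定时任务情况，在xftp下都进行删除，重新执行kill -9 14120杀死进程，不再复发。</p>
<p>注：第8步病毒复发后进程PID已变为14120，很可能是残留的定时任务重新拉起了病毒进程，因此要先清理定时任务再杀进程。定时任务目录下出现dump.rdb，通常意味着入侵是借助Redis向该目录写入文件完成的，所以还必须完成下一步的Redis安全配置（例如设置requirepass密码、用bind限制只监听本机或内网地址、不以root身份运行Redis），否则仍可能被再次感染。</p>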
</blockquote>
<h4 id="10-重新配置redis安全配置"><a href="#10-重新配置redis安全配置" class="headerlink" title="10. 重新配置redis安全配置"></a>10. 重新配置redis安全配置</h4></article><div class="post-copyright"><div class="post-copyright__author"><span class="post-copyright-meta">文章作者: </span><span class="post-copyright-info"><a href="mailto:undefined">方陈勇</a></span></div><div class="post-copyright__type"><span class="post-copyright-meta">文章链接: </span><span class="post-copyright-info"><a href="http://fangchenyong.top/2019/07/23/Linux-zigw%E7%97%85%E6%AF%92%E6%9F%A5%E6%9D%80/">http://fangchenyong.top/2019/07/23/Linux-zigw%E7%97%85%E6%AF%92%E6%9F%A5%E6%9D%80/</a></span></div><div class="post-copyright__notice"><span class="post-copyright-meta">版权声明: </span><span class="post-copyright-info">本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" target="_blank">CC BY-NC-SA 4.0</a> 许可协议。转载请注明来自 <a href="http://fangchenyong.top" target="_blank">Joey</a>！</span></div></div></div></main></div></body></html>